What’s the deal with SS7?

Recently we received a question regarding the Signaling System 7 aka SS7. It is something that is propagated in many.. how should I put this.. low-tier hacking groups as this 100% working 2018 method to hack Facebook.. *sighs*

Signaling System 7 in this context has to do with text messaging – SMS. However, SS7 as a whole is a system that telephone operators (i.e. your carrier) use to communicate with one another across telephone networks. In a sense, SS7 is similar to the SMTP protocol in mail servers (which basically allows an email server to relay a message from their domain to another). Anyway, it is being told that a vulnerability (which one?) can be used to bypass SMS-based 2-factor authentication by having the message be sent to a hacker instead.

Note that this largely unconfirmed vulnerability’s exploitation has very high requirements, little to no documentation and only affects people that do have 2FA enabled, such as myself. For the purpose of this article, I’ll focus on Facebook.

First off, in order to hack the Facebook account of a user that has 2FA enabled, you need access to their email and password, and then you also need to fetch the authentication code. Facebook currently deals with this using notification on other devices that have already been authenticated, though their mobile app also has a built-in authenticator. SMS is only a last resort, which is why trying to exploit this method is not exactly useful. The SMS-based authentication will only be used when all else fails. Considering that most people just keep their Facebook logged in all the time, this is very rarely the case. Also, logins need to be approved using a public IP address which is known to Facebook as one that the user frequently logs in from. In other words, you need to log in from their device.

All these requirements make SS7 exploitation something completely useless to even consider. If you need access to one of the victim’s devices already, why wouldn’t you just use their session, from their device? This is why it is more common to see a host device from the victim being hacked instead and then operated through a RAT (Remote Access Trojan) or similar.

Please note that we at HackingVision do not support Facebook hacking. Questions about this topic are often regarded by senior hackers as foolish, especially when they are asked on Facebook. Personally, I have no idea why this whole topic is even a thing, or that hackers apparently are “not the real deal” when they can’t hack Facebook. There’s more to hacking than just Facebook, Gmail, WhatsApp or whatever, you know.

If you’d like to read a more in-depth explanation of SS7, I would recommend this document from the CS department at Rutgers University.

With that said, I hope that you enjoyed reading this article, and learned a thing or two from it. Thanks for the read – stay curious.